DETAILED ACTION
Status of Claims 

Claims 1-18 have been examined. 

Information Disclosure Statement 

1. The information disclosure statement (IDS) submitted on 30 December 2003 is in compliance 
with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being 
considered by the examiner. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. § 102(e) that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent 
or (2) a patent granted on an application for patent by another filed in the United States 
before the invention by the applicant for patent, except that an international application 
filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21(2) of such treaty in the 
English language. 

Claims 1-18 are rejected under 35 U.S.C. 102(e) as being anticipated by Pirhonen et al., U.S. 
Patent Publication No. US 2004/0039709, published on 26 February 2004. 

As per claim 1, Pirhonen et al. disclose a system comprising:

• a terminal capable of communicating at least one of within and across at least one network, 
wherein the terminal is included within an organization including a plurality of terminals, at least 
one terminal having at least one characteristic and being at least one of a plurality of positions 
within the organization [0002-0003, 0032-0033, 0041, fig. 5]; 

• a secondary certification authority (CA) capable of providing at least one role certificate to the 
terminal based upon the at least one position of the terminal within the organization, wherein the 
organization includes a plurality of secondary CA's capable of issuing at least one role certificate
to respective groups of terminals of the organization [0024, 0033-0034, 0041, fig. 5]; 

• a tertiary CA capable of providing at least one permission certificate to the terminal based upon 
the at least one characteristic of the terminal that is located at a position within the organization, 
wherein the organization includes a plurality of tertiary CA's capable of issuing at least one 
permission certificate to respective sub-groups of terminals of the organization [0024, 0031, 0035, 
0041, fig. 5]; and 

• a server capable of authenticating the terminal based upon an identity certificate, the at least one 
role certificate and the at least one permission certificate of the terminal to thereby determine 
whether to grant the terminal access to at least one resource of the server [0020, 0023-0024, 
0041-0042, figs. 1, 5]. 

As per claims 2 and 8, Pirhonen et al. disclose a system/method of claims 1 and 7, respectively, 
wherein the terminal comprises a terminal included within an organization comprising a customer base of 
a cellular service provider that includes a plurality of terminals, each terminal being at one of a plurality of 
positions comprising a plurality of service plans offered by the cellular network operator, and wherein at 
least one terminal has at least one characteristic comprising at least one optional service offered by the 
cellular network operator [0002-0003, 0020]. 

As per claims 3 and 9, Pirhonen et al. disclose a system/method of claims 1 and 7, respectively, 
wherein the terminal comprises a terminal included within an organization comprising a customer base of 
a cellular service provider that includes a plurality of terminals, each terminal being at least one of a 
plurality of positions comprising a plurality of services offered by the cellular network operator, and 
wherein at least one terminal has at least one characteristic comprising at least one optional service 
offered by the cellular network operator [0002-0003, 0020]. 

As per claims 4 and 10, Pirhonen et al. disclose a system/method of claims 1 and 7, 
respectively, wherein the tertiary CA is capable of providing at least one permission certificate each 
having an associated validity time no greater than a validity time of the at least one role certificate 
provided by the secondary CA, and no greater than a validity time of the identity certificate [0027, 0039,
0041]. 

As per claims 5 and 11, Pirhonen et al. disclose a system/method of claims 4 and 10, 
respectively, wherein the server is capable of authenticating the terminal based upon the validity times of 
the identity certificate, at least one role certificate and at least one permission certificate of the respective 
terminal [0024, 0039, 0041]. 

As per claims 6 and 12, Pirhonen et al. disclose a system/method of claims 1 and 7, 
respectively, wherein the terminal is capable of requesting access to at least one resource of a server 
before the server authenticates the terminal, and wherein the server is capable of granting access to the 
at least one resource if the terminal is authenticated [0032-0033, 0041]. 

As per claim 7, Pirhonen et al. disclose a method of authenticating a terminal comprising: 

• providing a terminal capable of communicating at least one of within and across at least one 
network, wherein the terminal is included within an organization including a plurality of terminals, 
at least one terminal having at least one characteristic and being at least one of a plurality of 
positions within the organization [0002-0003, 0032-0033, 0041, fig. 5];

• providing at least one role certificate to the terminal from a secondary certification authority (CA) 
based upon the at least one position of the terminal within the organization, wherein the 
organization includes a plurality of secondary CA's capable of issuing at least one role certificate 
to respective groups of terminals of the organization [0024, 0033-0034, 0041, fig. 5]; 

• providing at least one permission certificate to the terminal from a tertiary CA based upon the at 
least one characteristic of the terminal located at a position within the organization, wherein the 
organization includes a plurality of tertiary CA's capable of issuing at least one permission 
certificate to respective sub-groups of terminals of the organization [0024, 0031, 0035, 0041, fig. 
5]; and 

• authenticating the terminal at a server based upon an identity certificate, the at least one role 
certificate and the at least one permission certificate of the terminal to thereby determine whether 
to grant the terminal access to at least one resource of the server [0020, 0023-0024, 0041-0042,
figs. 1, 5].

As per claim 13, Pirhonen et al. disclose a terminal included within an organization including a 
plurality of terminals, each terminal having at least one characteristic and being at least one of a plurality 
of positions within the organization, the terminal comprising: 

• a controller capable of communicating at least one of within and across at least one network, 
wherein the controller is capable of obtaining at least one role certificate from a secondary
certification authority (CA) based upon the at least one position of the terminal within the 
organization and at least one permission certificate from a tertiary CA based upon the at least 
one characteristic of the terminal that is located at a position within the organization, wherein the 
organization includes a plurality of secondary CA's capable of issuing at least one role certificate 
to respective groups of terminals of the organization, and wherein the organization includes a 
plurality of tertiary CA's capable of issuing at least one permission certificate to respective sub- 
groups of terminals of the organization [0040]; and 

• a memory capable of storing an identity certificate, at least one role certificate and at least one 
permission certificate [0025, 0029, 0030], 

wherein the controller is also capable of communicating with a server such that the server is 
capable of authenticating the terminal based upon the identity certificate, the at least one role 
certificate and the at least one permission certificate of the terminal to thereby determine whether 
to grant the terminal access to at least one resource of the server [0040]. 

As per claim 14, Pirhonen et al. disclose a terminal of claim 13, wherein the controller is capable
of obtaining at least one role certificate from a secondary CA capable of issuing at least one role 
certificate to each terminal of the organization comprising a customer base of a cellular service provider 
that includes a plurality of terminals, each terminal being at one of a plurality of positions comprising a 
plurality of service plans offered by the cellular network operator, and wherein the controller is capable of 
obtaining at least one permission certificate based upon at least one characteristic comprising at least 
one optional service offered by the cellular network operator [0002-0003, 0020]. 

As per claim 15, Pirhonen et al. disclose a terminal of claim 13, wherein the controller is capable
of obtaining at least one role certificate from a secondary CA capable of issuing at least one role 
certificate to each terminal of the organization comprising a customer base of a cellular service provider 
that includes a plurality of terminals, each terminal being at least one of a plurality of positions comprising 
a plurality of services offered by the cellular network operator, and wherein the controller is capable of 
obtaining at least one permission certificate based upon at least one characteristic comprising at least 
one optional service offered by the cellular network operator [0002-0003, 0020]. 

As per claim 16, Pirhonen et al. disclose a terminal of claim 13, wherein the controller is capable 
of obtaining at least one permission certificate each having an associated validity time no greater than a 
validity time of the at least one role certificate obtained by the controller, and no greater than a validity 
time of the identity certificate [0027, 0039, 0041].

As per claim 17, Pirhonen et al. disclose a terminal of claim 16, wherein the controller is also 
capable of communicating with a server such that the server is capable of authenticating the terminal 
based upon the validity times of the identity certificate, at least one role certificate and at least one 
permission certificate of the respective terminal [0024, 0039, 0041]. 

As per claim 18, Pirhonen et al. disclose a terminal of claim 13, wherein the controller is capable 
of requesting access to at least one resource of a server before the server authenticates the terminal 
such that the server is capable of granting access to the at least one resource if the terminal is 
authenticated [0032-0033, 0041]. 

Conclusion 

3. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

• Servicing providing method, system and program, Kato et al., U.S. Patent Publication No. US 
2003/0154407, published on 14 August 2003. 

• Electronic certificate system, Kawamura et al., U.S. Patent Publication No. US 2003/0093676, 
published on 15 May 2003. 

• Consumption of content, Hurst et al., U.S. Patent Publication No. US 2003/0007646, published on
9 January 2003. 

• Method for securely using digital signatures in a commercial cryptographic system, Sudia et al., 
U.S. Patent No. 5,659,616, published on 19 August 1997.

• Method for securely using digital signatures in a commercial cryptographic system, Sudia et al., 
U.S. Patent Publication No. US 2002/0029337, published on 7 March 2002.

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to NANCY LOAN T. LE whose telephone number is (703) 305-0549 (until 12 April 2005), and 
will be (571) 272-7066 effective 13 April 2005. The examiner can normally be reached on Monday- 
Thursday, 6am-4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
JAMES P. TRAMMELL can be reached at (703) 305-9768 until 12 April 2005, and at (571) 272-6712 
effective 13 April 2005. The fax phone number for the organization where this application or proceeding 
is assigned is 703-872-9306 (remains unchanged), for official/regular communication. For informal/draft 
communication, the fax number is 703-302-3376 (rightfax). 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. 
Should you have questions on access to the Private PAIR system, contact the Electronic Business Center 
(EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand delivered responses should be brought to Receptionist whose telephone number is (703)
305-3900 located in Crystal Park 5, at 2451 Crystal Drive, Arlington, Virginia 22202, seventh floor. 

NL 

April 4, 2005 



